Senior Manager - Red Team & Configuration HDB Financial Services

8.0 - 12.0 years

10 - 15 Lacs

navi mumbai

Work from Office

HDB Financial Services Ltd is looking for an experienced Red Team Assessment expert to join our Cyber Security Team. This role is responsible for simulating real-world attacks to test the effectiveness of our security controls, detection capabilities, and incident response processes. The ideal candidate will have a strong background in offensive security, a deep understanding of adversary tactics, and the ability to provide actionable insights to strengthen our overall security posture. Technical Configuration Audit Based Assessment role to strengthen our IT and Cyber Security Posture. The role is responsible for reviewing assessing and auditing systems, network and security configuration to ensure compliance with internal policies, regulatory requirement and industry best practices. This role will play a key role in identifying misconfiguration, recommending corrective measures and ensuing that IT and Cyber Security solution are implemented securely and effectively. KEY RESPONSIBILITIES Red Team Assessment 1. Conduct red team exercises to mimic sophisticated cyberattacks and evaluate the effectiveness of security controls. 2. Develop and execute complex attack scenarios using tactics, techniques, and procedures (TTPs) aligned with real-world threat actors. 3. Perform internal Red Team Assessment across networks, applications, endpoints, and cloud environments. 4. Develop and deploy custom attack tools and payloads (e.g., backdoors, phishing kits, webshells). 5. Use frameworks like MITRE ATT&CK to guide threat simulation strategies. 6. Emulate advanced persistent threat (APTs) using industry-recognized tactics, techniques and procedure (TTPs) 7. Document attack paths, vulnerabilities exploited, and lateral movement techniques, including attack scenarios, vulnerabilities, and recommendations for remediation. 8. Develop custom scripts, tools and methodologies. 9. Hand-on experience with Active Directory attacks, exploitation frameworks and scripting (Python, PowerShell, Bash etc.) 10. Assist SOC team to simulate the SOC Use Case. 11. Assist internal team for Breach Attack Simulation scan and improve overall BAS posture. 12. Identify and exploit vulnerabilities across infrastructure, applications, cloud environment and physical security. 13. Provide detailed reports with remediation strategies and executive summaries. 14. Collaboration with Blue Teams - Work closely with defensive teams to share insights, improve detection capabilities, and strengthen incident response. 15. Track remediation efforts and perform follow-up to confirm closure of reported findings. Configuration Audit Based Assessment 1. Conduct technical configuration audits across servers, database, endpoints, network devices, cloud platforms and cybersecurity solutions. 2. Review system and security settings to ensure alignment with secure configuration standards as per CIS, NIST, ISO & Regulatory requirements. 3. Identify configuration gaps, control weaknesses and recommend remediation steps. 4. Work with IT, Infrastructure and Security Operations teams to validate configuration compliance. 5. Document audit findings, prepare reports and present results to stakeholders in a clear and structured manner. 6. Support risk assessments and internal/external audits by providing configuration compliance evidence. 7. Stay updated evolving security standards, compliance requirements and vendor configuration guidelines. 8. Track remediation efforts and perform follow-up audits to confirm closure of findings. MANDATORY SKILLS REQUIRED 1. Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience). 2. MITRE ATT&CK mapping and threat modelling 3. Strong understanding of regulatory frameworks (RBI, ISO 27001). 4. Excellent soft skills: stakeholder communication, presentation, and leadership. 5. Certifications such as OSCP, OSCE, CEH, GPEN are highly preferred 6. Understanding of secure network architecture, segmentation and defence in depth. 7. Designing and implementing security controls across systems, networks and applications. 8. Ability to analyze complex security issues and clearly communicate them to non-technical stakeholders. 9. Strong understanding of offensive security techniques and threat modeling. 10. Proficiency in scripting languages (Python, Bash, PowerShell). 11. Experience with tools like Metasploit, Cobalt Strike, Burp Suite, and Nmap. 12. Familiarity with cloud platforms (AWS, Azure, GCP) and their security configurations. 13. Knowledge of regulatory frameworks and audit standards. 14. Ability to write clear, actionable technical and executive-level reports. 15. Certifications such as OSCP, CRTP, CEH, or CISSP are highly desirable. 16. Familiarity with secure configuration frameworks such as CIS Benchmarks, NIST Framework, ISO 27001 etc. Preferred Traits 1. Analytical mindset with attention to detail. 2. Excellent communication and collaboration skills. 3. Passion for cybersecurity and continuous learning.

Posted 6 hours ago

Apply

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.